<?
/*----------------------------------------------------------------------
          (C) Bobtail-Bear 2006 	小飞熊新一代下载系统
          	代码编写：小飞熊	版权所有：小飞熊[L.F.Bear]
				官方网站/技术支持：http://www.lfbear.cn
------------------------------------------------------------------------
          (C) Bobtail-Bear 2006 	L.F.Bear's New Download Sysytem
          	Powered by L.F.Bear  Copyright L.F.Bear's Home(R)
               Official Web/Support：http://www.lfbear.cn
-----------------------------------------------------------------------*/

//本页脚本功能：浏览附件
$thispage="up_see.php";
echo ("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />");
require("../function.php");
require("check.php");

if ($_COOKIE[status]=="login" && $_SESSION[login]=="yes")
{
$yourname=$_COOKIE[yourname];
$level=$_SESSION[level];
if(!checklevel($level,"upload"))
	{$msg_title="系统信息：权限不足";
	$msg_link="up_see.php";
	$msg="您无法进行此项管理操作！<br><br>原因：您所在的用户组没有该权限。<br><br>";
	require("error.php");
	weblog("基本设置","无权限操作，被系统拦截！","red",$yourname,"触发页面：up_see.php");
	die;}

require("../include/config.base.php");
require("../include/config.inc.php");
if(!is_dir("../".$path_upload)) if(!mkdir("../".$path_upload, 0777)){
	$msg_title="系统信息：目录不存在";
	$msg_link="up_see.php";
	$msg="您无法查看附件目录。<br><br>原因：附件目录不存在，并且系统无法自动建立该文件夹，请手动建立附件文件夹。<br><br>";
	require("error.php");
	weblog("查看附件","附件目录不存在，并且无法自动建立","red",$yourname,"触发页面：up_see.php");
	die;
}
$uploadpath=$system_http."/".$path_upload;
$action=$_GET[action];
switch($action){
case delsure:
	$delname=$_POST[delname];
	$delname=str_replace("..","",$delname);
    $delname=str_replace("/","",$delname);
    $delname=str_replace("\\","",$delname);
    $delname="../".$path_upload."/".$delname;
    if(unlink($delname))
    {$msg_title="删除附件：成功删除";
	$msg_link="up_see.php";
	$msg="您已成功删除了 $delname 附件。<br><br>点击“确定”返回附件浏览页面！<br><br>";
	require("ok.php");
	weblog("删除附件","成功删除 $delname","green",$yourname,"触发页面：up_see.php?action=delfile");}
    else
    {$msg_title="删除附件：删除失败";
	$msg_link="up_see.php";
	$msg="删除操作失败！<br><br>点击“确定”返回附件浏览页面！<br><br>";
	require("error.php");
	weblog("删除附件","删除 $delname 失败","red",$yourname,"触发页面：up_see.php?action=delfile");}
break;
case delfile:
	$fname=$_GET[fname];
	$fname=str_replace("..","",$fname);
    $fname=str_replace("/","",$fname);
    $fname=str_replace("\\","",$fname);
print <<<EOT
<script  language="JavaScript">
function gotourl()  {
 this.location='up_see.php';
}
</script>
<link href="images/css.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#DDF1FF"><br><br><br>
<form method="post" action="up_see.php?action=delsure">
  <table width="750" border="1" align="center" cellpadding=4 cellspacing=0 bordercolor="#ACC1FC" heoght=400>
    <tr bgcolor='#ACC1FC'>
      <td width="728"><a class="title">删除文件确认</a></td>
    </tr>
    <tr bgcolor='#FFFFFF'>
      <td bgcolor="#EBE9ED" class="comments-title" align="center"><br>
        是否删除文件
        <input name="delname" type="text" id="delname" value="$fname" size="50" readonly>
        <br>
        <br>
       <font color=red> 注意：删除文件是不逆的，请慎重选择！</font><br><br></td>
    </tr>
    <tr bgcolor='#FFFFFF'>
      <td align="center" bgcolor="#FFFFFF" class="comments-title"><input type="submit" name="Submit" value="确认删除">
        <input name="nodel" type="button" id="nodel" value="不要删除" onClick="gotourl();"></td>
    </tr>
  </table>
</form>
<br>
EOT;
break;

case copyurl:

$fname=$_GET[fname];
$uppath=$uploadpath."/";
print <<<EOT
<Meta http-equiv='Refresh' Content='1; Url=up_see.php'>	
<link href="images/css.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#DDF1FF"><br><br><br><br><br><br>
<table width="750" border="1" align="center" cellpadding=4 cellspacing=0 bordercolor="#ACC1FC" heoght=400>
  <tr bgcolor='#ACC1FC'>
    <td width="728"><a class="title">自动复制文件名</a></td>
  </tr>
  <tr bgcolor='#FFFFFF'>
    <td bgcolor="#EBE9ED" class="comments-title" align="center"><br>状态：文件名 <input name="cname" type="text" id="cname" value="$fname" size="50" readonly> <br><br>已经复制到剪贴板，自动返回中…</td>
  </tr>
  <tr bgcolor='#FFFFFF'>
    <td bgcolor="#FFFFFF" class="comments-title">&nbsp;<input name="qianzhui" type="hidden" id="qianzhui" value="$uppath"></td>
  </tr> 
</table>
	<script language="javascript">

{
	cname.value=qianzhui.value+cname.value;
	cname.focus()
	cname.select()
	therange=cname.createTextRange()
	therange.execCommand("Copy")
}
</script>

EOT;
break;

default:

$dir="../".$path_upload;
$handle=opendir($dir);
$i=0;unset($show);
while ($file = readdir($handle)) {
    if($file=="." || $file=="..") $show=$show; 
    else {
    $showfile=$file;$i++;
    $size=number_format(filesize("../".$path_upload."/".$file)/1024,2);
    $time=date("Ynd H:i:s", filemtime("../".$path_upload."/".$file));
    $show.="
    <img src=\"images/file.jpg\" align=\"middle\"> <input name=\"filename_$i\" type=\"text\" id=\"filename_$i\" value=\"$showfile\" size=\"40\" style=\"background-color:#FFFFFF\" readonly> [<a href=up_see.php?action=copyurl&fname=$showfile>复制文件地址</a>]&nbsp;[<a href=up_see.php?action=delfile&fname=$showfile>删除文件</a>]
    &nbsp;<font color=blue>文件信息：<a title=\"文件大小\">$size KB</a> / <a title=\"上传时间\">$time</a></font>&nbsp;

<br>
";}
}
if($show=="") $show="目前无上传附件";
closedir($handle); 


//$temp="http://".gethostbyaddr(getenv("REMOTE_ADDR"));
$act="?".$action;
$msg_="重要信息";
$msg_color="#FF8C1A";
require("msg.php");
print <<<EOT
<head>
<link href="images/css.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#DDF1FF">
<table width="750" border="1" align="center" cellpadding=4 cellspacing=0 bordercolor="#ACC1FC" heoght=400>
  <tr bgcolor='#ACC1FC'>
    <td width="728"><a class="title">欢迎您：$yourname 登陆管理程序</a></td>
  </tr>
  <tr bgcolor='#FFFFFF'>
    <td bgcolor="#EBE9ED" class="comments-title">附件管理--&gt;附件浏览</td>
  </tr>
  <tr bgcolor='#FFFFFF'>
    <td bgcolor="#FFFFFF"><a class="sidetitle">当前目录 $uploadpath </a></td>
  </tr>
						<tr>
							<td bgcolor="#FFFFFF">$show</td>
						</tr>
					  		 	<tr>
							<td bgcolor="#FFFFFF">&nbsp;</td>
						</tr>
                          </form>
</table>
EOT;
require("footer.php");
exit;
die;
break;

}
}
else die("Error Parameter,Forbidden Access!");
?>